Mumbai Jan 8 IANS Continuing its efforts to improve the safety of card transactions the Reserve Bank of India RBI on Tuesday extended the use of tokenisation -- hiding of actual card details with a unique token -- in the wider payments ecosystem To date the RBI had allowed card payment networks like Visa and MasterCard to use the tokenisation technology in card transactions The technology is now allowed to be used by merchants holding the card credentials like online retailers It has now been decided to permit authorised card payment networks to offer card tokenisation services to any token requestor ie third party app provider the RBI said in a statement For now the facility will be offered through mobile phones and tablets only The permission extends to all use cases and channels like near field communication NFC magnetic secure transmission MST -based contactless transactions in-app payments and QR quick response code-based payments the bank said The Reserve Bank has today Tuesday released guidelines on tokenisation for debit credit prepaid card transactions as a part of its continuous endeavour to enhance the safety and security of the payment systems in the country the statement said Tokenisation involves a process in which a unique token masks sensitive card details and thus in lieu of actual card details this token is used to perform card transactions The token will be unique for a combination of card token requestor and identified device While all other instructions related to card transactions will be applicable for tokenised card transactions as well the RBI stated The ultimate responsibility for the card tokenisation services rendered rests with the authorised card networks Before providing card tokenisation services card payment networks will have to put in place a mechanism for periodic system including security audit at frequent intervals at least once a year of all entities involved in providing card tokenisation services to customers Tokenisation and de-tokenisation shall be performed only by the authorised card network and recovery of original Primary Account Number PAN should be feasible for the authorised card network only Adequate safeguards shall be put in place to ensure that PAN cannot be found out from the token and vice versa by anyone except the card network the RBI said Registration of card on token requestors app will be done only with explicit customer consent and the customers will have the option to register de-register their card for a particular use cases like contactless and QR code-based Card issuers shall ensure easy access to customers for reporting loss of identified device or any other such event which may expose tokens to unauthorised usage Card network along with card issuers and token requestors shall put in place a system to immediately de-activate such tokens and associated keys the bank added --IANS